KeyBTC Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 17
First Seen: May 2, 2016
Last Seen: November 25, 2020
OS(es) Affected: Windows
The KeyBTC Ransomware is an encryption ransomware infection. It carries out a common ransomware attack that makes the victim's files inaccessible by encrypting them and then demands the payment of a ransom to decrypt the affected files. The KeyBTC Ransomware may be distributed using corrupted email attachments that may be disguised as shipping or postal notification email messages. These messages contain a harmful ZIP file attachment. Although the compressed file looks like a Microsoft Word document, it is actually a corrupted JavaScript file with the extension '.JS' which, when opened, may download and install threats on the victim's computer. The KeyBTC Ransomware changes the encrypted files' extensions to '.the KeyBTC@inbox_com', hinting that the victim should contact this email address to recover from the KeyBTC Ransomware infection. The KeyBTC Ransomware also displays a ransom note that alerts the victim to the infection and includes instructions for payment and decryption.
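A mail-gateway style check for the delivery method described above, as an added example that is not part of the original page: it lists the entries of a ZIP attachment and flags script files, marking those whose name imitates a document. It goes beyond the '.JS' case on the page by covering other Windows Script Host types; the extension lists, the function names and the sample archive are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types that Windows Script Host runs on double-click. The page names
# only '.JS'; the other entries are an added generalization.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Document extensions a lure may imitate (assumed list for this example).
DOC_EXTS = {".doc", ".docx", ".pdf", ".rtf", ".xls", ".xlsx"}


def inspect_zip_attachment(data: bytes) -> list:
    """Return one finding per script entry found in a ZIP attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"entry": None, "reason": "unreadable-zip"}]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Windows drops trailing dots and spaces, so ignore them as well.
            suffixes = [s.strip().lower()
                        for s in PurePosixPath(base.rstrip(". ")).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
                continue
            disguised = any(s in DOC_EXTS for s in suffixes[:-1])
            findings.append({
                "entry": info.filename,
                "reason": "script-with-document-name" if disguised else "script",
                "encrypted": bool(info.flag_bits & 0x1),
            })
    return findings


def build_sample_zip(names: list) -> bytes:
    """Build a constructed, harmless ZIP whose entries hold placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["Delivery_Notice.doc.js", "readme.txt"])
    print(inspect_zip_attachment(sample))
```

An archive that cannot be parsed is reported rather than passed, since the gateway has no view of its contents.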
How the KeyBTC Ransomware Attack Works
The KeyBTC Ransomware uses the PGP/RSA encryption method, generating public and private keys when encrypting the victim's files. The KeyBTC Ransomware creates two different files when encrypting files (File1.bin and File2.bin). These files contain information about the encryption, including the private key. They are dropped on the victim's Desktop and are themselves encrypted with a different encryption key, which is stored on the con artists' computer. It may become almost impossible to decrypt the victim's files without access to the decryption keys. To restore the encrypted files, the victims may have to contact the con artists responsible for this attack using the instructions in the ransom note. These instructions ask the victim to attach the two files to their email. The victim will then receive instructions, including the amount of the ransom and one decrypted file to demonstrate that the con artists can actually decrypt them. The best way to recover from a KeyBTC Ransomware attack is to restore the encrypted files from a backup. Backing up important files is paramount, and costs only a fraction of what it would cost to recover from one of these types of attacks.
Recovering from a KeyBTC Ransomware Attack
Paying the KeyBTC Ransomware ransom does not guarantee that the con artists will provide you with the decryption key. More importantly, paying these con artists allows them to continue carrying out these attacks. Because of this, computer users should ensure that all files are properly backed up. You can prevent KeyBTC Ransomware attacks in the first place by avoiding unsolicited email attachments and using a strong anti-malware program to protect your computer and reduce the amount of spam email in your inbox. The following is an example of the ransom note used by the KeyBTC Ransomware:
ATTENTION:
All your documents, photos, databases and other important personal files were encrypted using strong RSA-1024 algorithm with a unique key. If you want to restore your files please follow the instructions:
1. Send email to the KeyBTC_@_inbox.com, with the following files in attachment:
- FILE1.BIN and FILE2.BIN files (check your desktop and local disks to find these files or just use Windows Search.
- One of your encrypted personal file for test decryption. Supported types: DOC/DOCX, JPG/JPEG, PDF. Maximum file size: 3 Mb.
2. Wait for email from us containing:
- Your decrypted file, proving that we can really help you.
- Decryption price and payment details.
3. Make payment.
4. Receive decryption key and detailed instructions how to decrypt your files.
IMPORTANT:
- You must contact us in 24 hours, unless the price will rise.
- Nobody can help you except us. It is useless to reinstall Windows, rename files, etc.
- Your files will be decrypted as quick as you contact us and make payment.
If you have any question, please feel free to ask.
Contact email: the KeyBTC_@_inbox.com
The KeyBTC Ransomware targets a surprisingly short list of file types. Some of the files that are typically encrypted by this threat include:
.mdb, .pdf, .rtf, .accdb, .slddrw, .zip, .rar, .max, .jpg, .xls, .xlsx, .doc, .docx, .cdr, .dwg, .1cd, .cd.
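A triage sketch for scoping an affected machine, added here and not taken from the original page: it walks a directory tree, locates the FILE1.BIN and FILE2.BIN files so they can be preserved, and tallies renamed files by their original type against the list above. The marker suffix is passed in by the responder (copied from an affected file name); the function names, the `.marker-example` suffix and the sample tree are placeholders constructed for this example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

KEY_BLOB_NAMES = {"file1.bin", "file2.bin"}  # file names given on this page
# File types this page lists as typically encrypted.
PAGE_TYPES = set(".mdb .pdf .rtf .accdb .slddrw .zip .rar .max .jpg .xls "
                 ".xlsx .doc .docx .cdr .dwg .1cd .cd".split())


def triage(root, marker_suffix):
    """Report key-blob files and files carrying the appended marker suffix."""
    marker = marker_suffix.lower()
    if not marker:
        raise ValueError("marker_suffix must not be empty")
    key_blobs, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            lower = fname.lower()
            if lower in KEY_BLOB_NAMES:
                # Preserve these as evidence; the page says they hold key data.
                key_blobs.append(os.path.join(dirpath, fname))
            elif lower.endswith(marker) and len(lower) > len(marker):
                original = lower[: -len(marker)]
                by_type[Path(original).suffix or "(none)"] += 1
    return {
        "key_blobs": sorted(key_blobs),
        "renamed_total": sum(by_type.values()),
        "renamed_by_type": dict(by_type),
        # Types hit that the page does not list: a hint of a different variant.
        "outside_page_list": sorted(set(by_type) - PAGE_TYPES),
    }


def build_sample_tree(marker_suffix):
    """Create a constructed tree of empty placeholder files for a dry run."""
    root = Path(tempfile.mkdtemp(prefix="triage_sample_"))
    for rel in ["Desktop/FILE1.BIN", "Desktop/File2.bin", "Docs/plan.docx",
                "Docs/a.docx" + marker_suffix, "Docs/b.PDF" + marker_suffix,
                "Docs/c.txt" + marker_suffix]:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return str(root)


if __name__ == "__main__":
    print(triage(build_sample_tree(".marker-example"), ".marker-example"))
```

Run it read-only against a mounted image or a copy of the user profile, and compare `renamed_by_type` with backup coverage before restoring.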